Verizon has notified an unknown number of its prepaid customers of a cyberattack that partially exposed their credit card information, as well as a wide variety of other personally identifiable information that could lead to identity theft.
In a letter sent to its customers, Verizon said it recently spotted unusual activity on its network, and upon further investigation, discovered a breach that occurred between October 6 and October 10, 2022.
The company did not say who was behind the attack, or how the threat actors managed to get through Verizon’s endpoints.
SIM swapping attacks
It's unclear whether the breach resulted from malware, ransomware, or social engineering. It did say that the attackers obtained the last four digits of prepaid customers’ credit cards used to pay for the service.
The attackers used this information to access user accounts, engage in SIM swapping attacks, and steal sensitive data:
“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice,” the company said. “If a SIM card change occurred, Verizon has reversed it.”
Among the sensitive data stolen were names, phone numbers, postal addresses, price plans, and other service-related information.
However, Verizon have confirmed that banking data, financial data, passwords, Social Security numbers and tax IDs were not accessed.
While the company did reset the PIN codes for all affected customers, it also suggested that users review sensitive login information for themselves.
“Set a new Verizon PIN code. Do not reuse a previous PIN, and be sure to pick a unique PIN that is not used to secure other non-Verizon accounts. Set a new password and new secret question and answer for users with access to your My Verizon online account.”
- These are the best encryption software right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.